A certificate issued by an external CA is not revoked after you remove it from IdM. This is because the certificate does not exist in the IdM CA database. You can only revoke these certificates manually from the external CA side.

The commands require you to specify the following information:

the name of the user, host, or service

the Base64-encoded DER certificate

To run the commands interactively, execute them without adding any options.

To provide the required information directly with the command, use command-line arguments and options:

$ ipa user-add-cert user --certificate=MIQTPrajQAwg...

Note

Instead of copying and pasting the certificate contents into the command line, you can convert the certificate to the DER format and then re-encode it to base64. For example, to add the user_cert.pem certificate to user:
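The conversion described in this note, written as an added shell example (not the documentation's own command). The helper names cert_to_b64der, make_sample_cert and add_user_cert are hypothetical, and the self-signed certificate is constructed sample input:

```shell
# Added example: helper names and the throwaway certificate are assumptions,
# not part of the IdM documentation.

# Print the certificate in file $1 (PEM or DER) as one line of
# base64-encoded DER, the form passed to --certificate.
cert_to_b64der() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }
    # PEM input is recognised by its armor line; anything else is tried as DER.
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        form=PEM
    else
        form=DER
    fi
    # Parse first, so that a private key, a CSR or a truncated file is
    # rejected here rather than sent to the IdM server.
    openssl x509 -inform "$form" -in "$1" -noout 2>/dev/null || {
        echo "not an X.509 certificate: $1" >&2; return 1; }
    # tr removes the line wrapping that base64 adds by default.
    openssl x509 -inform "$form" -in "$1" -outform DER | base64 | tr -d '\n'
}

# Constructed sample input: a one-day self-signed certificate written to $1
# (its private key goes to $1.key).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=user" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Attach the certificate in file $2 to IdM user $1.
# Requires an authenticated ipa session (for example after kinit).
add_user_cert() {
    cert=$(cert_to_b64der "$2") || return 1
    ipa user-add-cert "$1" --certificate="$cert"
}
```

With these functions loaded, `add_user_cert user user_cert.pem` adds the user_cert.pem certificate to user.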
